Description

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs.

INFO

Published Date :

2024-11-29T09:06:56.251Z

Last Modified :

2024-12-02T18:15:27.594Z

Source :

jpcert
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50357 vulnerability.

Vendors Products
Centurysys
  • Futurenet Nxr-g050 Firmware
  • Futurenet Nxr-g060 Firmware
  • Futurenet Nxr-g110 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50357.

URL Resource
https://jvn.jp/en/vu/JVNVU95001899/ cve-icon cve-icon
https://www.centurysys.co.jp/backnumber/nxr_common/20241031-01.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact